Mobile devices, such as smartphones and tablets, typically run modern mobile operating systems (mobile OS) such as Google Android, Apple iOS, BlackBerry OS, and Windows Phone, and are often connected to one or more application distribution servers. Such a distribution server, often referred to as a Store or Market, provides access to a plethora of mobile applications. These mobile applications are often built using a software development kit provided for the mobile OS. The applications and the mobile OS are designed to interoperate with one another and share data using documented and undocumented APIs. Sharing of data may happen either intentionally (e.g., a contacts app providing APIs to access contacts) or without the user's knowledge (e.g., a file surreptitiously written by one application to a removable storage medium). Once an application has been installed, the user often has little say in how the application shares data. This is especially problematic in a corporate environment that requires policies governing who can share what with whom. Most mobile devices have a single layer of security. There is no ability to create separate zones for storing different data sets accessible by different applications, especially when the applications are from multiple vendors.
A few solutions have been proposed to solve this problem. One is to create a virtual machine application, such as VMware™, that creates a virtual instance of a mobile device. This virtual device then runs another instance of the mobile OS platform, such as Android. Each secure zone is mapped to an instance of a virtual machine. However, such a solution requires that the OS platform be modified, and it may incur the performance penalties associated with the overhead of a virtual machine implementation on a hardware platform that is not optimized for virtualization applications.